Wednesday, June 06, 2012

Confirmed: LinkedIn 6mil password dump is real

Today's news is that 6 million LinkedIn password hashes were dumped to the Internet. I can confirm this hack is real: the password I use for LinkedIn is in that list. I use that password NOWHERE ELSE. Furthermore, it's long/complex enough that I'm confident NOBODY ELSE uses the same password. Other security pros are reporting the same result. Therefore, we can confirm that this hack is real.

The way I tested whether my password was in the list was to generate the SHA-1 hash of my password (LinkedIn stored plain, unsalted SHA-1, which is why this works), then search for that hash in the file "combo_not.txt" that I downloaded from the Internet containing the 6 million password hashes. I found a match.

To make it easy to calculate the SHA-1 of your password, I've included a form below. It runs in JavaScript inside your browser; it does not submit your password or hash to me or anybody else:

Many of the hashes in the file have their first five hex characters overwritten with zeros ("00000"). This means that instead of searching for the complete SHA-1 output, you want to search for just the later part of the hash (the last 35 hex characters). People think the zeroing marks hashes the hacker has already cracked, which means that if the entry matching your password starts with zeros, your password is already stolen.

Also note that if your password is long enough (greater than about 15 characters) and complex enough, it's still probably safe. A 15-character password composed of upper/lower case letters, digits and symbols has too large a keyspace for brute force and for rainbow tables, even with fast, unsalted SHA-1. However, if you've composed it of dictionary words, it could fall to a "mutated dictionary" attack.

Update: This is a sorted list of unique hashes. Thus, if 50 people use the password "password", it shows up only once in this list. Which it does. The password "password" hashes with SHA-1 to "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", which appears as "000001e4c9b93f3f0682250b6cf8331b7ee68fd8" in this list.

Update: Where do these passwords come from? The answer is the cracking underground. When hackers break into a network and steal the hashed passwords, they crack as many as they can, then exchange the dumps with their friends. Each hacker uses different tools, different dictionaries, and so on. Thus, once one of them has exhausted their techniques, another hacker is still likely to crack many more.

Update: It took me only a couple minutes to verify that this hack is real, yet LinkedIn has not been able to:

Our team continues to investigate, but at this time, we're still unable to confirm that any security breach has occurred. Stay tuned here.

This reflects poorly on the trustworthiness of LinkedIn. It's proper to make such a statement before you know what's going on, but they've had hours to verify this; we should have had an update by now.

Update: LinkedIn has a semi-confirmation, as explained in their blogpost here. However, it only says they confirm that some of the compromised passwords correspond to LinkedIn accounts. That avoids accepting blame: in other prominent password attacks (like one recently against Twitter), the source of the hack was not Twitter's fault but "password reuse", as users used the same password for Twitter that they used for other websites, and it was the other websites that were hacked. As I (and other security pros) have confirmed, we don't reuse passwords. This password list comes from LinkedIn, and from no other source.

Update: How fast can hackers crack passwords? The answer is about 2 billion SHA-1 hashes per second on a Radeon HD 7970 (the latest top-of-the-line graphics processor), when attacking a single hash. Assume each character of a password has about 100 possibilities (UPPER, lower, d1g1ts, $ymbols). A 5-character password therefore has 100 x 100 x 100 x 100 x 100, or 10 billion, combinations, meaning the whole keyspace can be searched in 5 seconds. A 6-character password has 100 times that, or 500 seconds. A 7-character password has 100 times that, or 50,000 seconds, about 13 hours. An 8-character password is roughly 57 days. A 9-character password is 100 times that, about 15 years. In other words, if your password was 7 characters, the hacker has already cracked it, but if it's 9 random characters, it's too difficult to crack with brute force on one card.

Update: A site http://leakedin.org will check this for you. They claim to hash the password in the browser (like I do above), then check the database. I don't know if this is true -- but since you are going to change your password regardless, maybe it doesn't matter.

Update: What does password cracking look like? I started the "hashcat" tool to examine the file. It looks like this:

I'm using the latest Radeon HD 7970 graphics card. Note that I'm only getting a cracking rate of 400 million passwords/second, while the 7970 can do 2 billion/second against a single hash. That's because I'm doing "multi-hash" cracking: every candidate hash has to be looked up against the entire original list of 6.5 million hashes, and that lookup takes longer than calculating the hash in the first place. I can dramatically increase the effective speed by first cracking and removing all the easy passwords from the list, making it smaller and hence making lookups faster.
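The search procedure described above (hash the password with SHA-1, then look for the last 35 hex characters so that both intact and "00000"-prefixed entries match) and the "remove the easy ones first" pruning step, as an added example that is not code from the original post. It assumes a dump in the format of combo_not.txt (one lowercase hex SHA-1 per line); the sample dump, the word list and the three mangling rules are constructed for this example, except that the zeroed hash of "password" is the one quoted above.

```python
import hashlib

ZERO_PREFIX = "00000"          # how the dump marks (presumably cracked) hashes
SUFFIX_LEN = 40 - len(ZERO_PREFIX)


def sha1_hex(password):
    """Unsalted SHA-1 of the password as lowercase hex, as stored in the dump."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def zero_prefix(digest):
    """Rewrite a full SHA-1 the way the dump does: first five hex chars -> 00000."""
    return ZERO_PREFIX + digest[len(ZERO_PREFIX):]


# Constructed sample dump in the format of combo_not.txt. The first entry is the
# zeroed SHA-1 of "password" quoted in the post; the others are hashes of words
# chosen for this example, some zeroed and some intact, plus one junk line.
SAMPLE_DUMP = "\n".join([
    zero_prefix(sha1_hex("password")),
    zero_prefix(sha1_hex("linkedin")),
    sha1_hex("sunshine1"),
    sha1_hex("Tr0ub4dor&3"),
    sha1_hex("correct horse battery staple"),
    "not a hash line",
])


def load_dump(text):
    """Index dump lines by their last 35 hex characters.

    Searching on the suffix is what the post recommends: it finds a password
    whether its hash is stored intact or with the 00000 prefix. Each bucket
    keeps the full lines so the two cases can still be told apart.
    """
    index = {}
    for line in text.splitlines():
        h = line.strip().lower()
        if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
            continue
        index.setdefault(h[-SUFFIX_LEN:], set()).add(h)
    return index


def lookup(index, password):
    """Classify one password against the dump.

    Returns "cracked" if its hash is present in zeroed form, "uncracked" if
    present intact, "absent" otherwise. A bucket hit whose prefix is neither
    the real one nor 00000 would be a 140-bit near-collision, so it is
    reported as "absent". (A hash that genuinely starts with 00000 is
    indistinguishable from a zeroed one; the dump format loses that bit.)
    """
    h = sha1_hex(password)
    bucket = index.get(h[-SUFFIX_LEN:], ())
    if zero_prefix(h) in bucket:
        return "cracked"
    if h in bucket:
        return "uncracked"
    return "absent"


def dictionary_attack(index, wordlist, rules=None):
    """A tiny "mutated dictionary" pass: try each word under a few rules.

    Returns {candidate: status} for every hit. Real tools such as hashcat
    apply thousands of rules; three are enough to show the idea.
    """
    rules = rules or [lambda w: w, lambda w: w.capitalize(), lambda w: w + "1"]
    hits = {}
    for word in wordlist:
        for rule in rules:
            candidate = rule(word)
            status = lookup(index, candidate)
            if status != "absent":
                hits[candidate] = status
    return hits


def prune_cracked(index, cracked):
    """Drop the buckets of passwords already recovered and return the new index.

    You cannot tell from a hash alone that it is easy; you crack the easy ones
    with a cheap dictionary pass, take them out, and the multi-hash lookups in
    the expensive brute-force phase then run against a smaller table.
    """
    remaining = dict(index)
    for password in cracked:
        remaining.pop(sha1_hex(password)[-SUFFIX_LEN:], None)
    return remaining


if __name__ == "__main__":
    index = load_dump(SAMPLE_DUMP)
    for pw in ["password", "sunshine1", "nothere"]:
        print(pw, "->", lookup(index, pw))
    hits = dictionary_attack(index, ["password", "linkedin", "sunshine", "correct"])
    print("dictionary hits:", hits)
    print(len(prune_cracked(index, hits)), "hashes left for brute force")
```

To check a real password against the real file, read combo_not.txt into load_dump and call lookup; the password never leaves the machine, which is the property the browser-form and third-party-site discussion above is about.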

Uh. If you think your password is compromised, but don't know, the last thing I would do is go putting your password into someone's random web site where it can be collected.

The right answer is to immediately change your password. Preferably to something with enough bits that it won't be broken trivially. I suggest 22 characters or so. This isn't so bad, since you can actually use dictionary words if you have a password that long and it won't be trivial to use a dictionary attack on.

My current LinkedIn password is not on that list, however, a "low-security" password (two dictionary words separated by a digit) that I have used at various untrustworthy websites was in fact on the list. Either this is an old dump from LinkedIn, or some of the data came from elsewhere, or both.

Someone found that about 10% of the hashes appear both in full and starting with 00000. Does that mean two different passwords had a similar hash (except the first 5 characters) and one of them was cracked? Are there full hashes that are equal except for the first 5 characters?

I released a tool to check if your password is in the leaked LinkedIn hashes. The password you enter is hashed on the client side with JavaScript before being submitted to the server and cross-checked against the hash list. http://linkedin.biorra.com

> "by first removing all the easily cracked passwords from the list"

So how does one do that? Isn't the purpose of a hash to make it so that (among other things) you can't tell which hashes are easily cracked, other than by cracking them?

I found the file, downloaded it, SHA-1'd my old password locally (after changing it on LinkedIn.com), and found it in the file without the leading five 0's. Looks like LinkedIn is failing to disclose the hack. Took me just a few minutes to confirm it myself.

Thanks for checking. And thank you for your concern about my password. The password that is behind that hash has more than 90 bits of entropy, is unique (not used for any other service), and is for a closed LinkedIn account. I wouldn't have posted it otherwise.
